[SHIBUI-1062]

Added permissions check to getUsersWitHRole
TIER · Jan 25, 2019 · ae1df15 · ae1df15
1 parent 7a1de10
commit ae1df15
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/...main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java b/...main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java
@@ -10,6 +10,7 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.security.crypto.bcrypt.BCrypt;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.DeleteMapping;
@@ -60,6 +61,7 @@ public ResponseEntity<?> getOne(@PathVariable String username) {
         return ResponseEntity.ok(findUserOrThrowHttp404(username));
     }
 
+    @Secured("ROLE_ADMIN")
     @Transactional
     @GetMapping("/role/{rolename}")
     public ResponseEntity<?> getUsersWithRole(@PathVariable String rolename) {